Copyright information wrongly generated in .licenses file by generate_bom.py
Affected images versions
- not relevant (explain why)
- see the table below (list the architecture and build id of the tested images in the appropriate cells)

| Deployment | Type | v2021 | v2022 | v2023 | v2024dev1 |
|---|---|---|---|---|---|
| apt | minimal/fixedfunction | X | X | | |
| ostree | minimal/fixedfunction | (X) | (X) | | |
| apt | target/hmi | X | X | | |
| ostree | target/hmi | (X) | (X) | | |

Unaffected images versions
- all versions without generation of the .licenses file
- v2021 (because copyright information was not yet added)
- v2022 (because copyright information was not yet added)
Steps to reproduce
- Generate a system image for fixedfunction/hmi together with its .licenses file, like https://images.apertis.org/daily/v2024dev1/20230327.2315/arm64/fixedfunction/apertis_v2024dev1-fixedfunction-arm64-uboot_20230327.2315.img.licenses.gz. This file is created by the script generate_bom.py from .
Case 1 (iptables)
- View the license files of the iptables package
  - /usr/share/doc/iptables/copyright
  - /usr/share/doc/iptables/iptables_bin2sources_amd64.json
- Get the author of a special file, like
  - extensions/libip6t_DNPT.c ==> Copyright: 2012-2013, Patrick McHardy kaber@trash.net
- Get the assigned binary file in the package from iptables_bin2sources_amd64.json
  - usr/lib/x86_64-linux-gnu/xtables/libip6t_DNPT.so
- Check the .licenses file for iptables and libip6t_DNPT.so for binary_copyright
Expected result
The additional author of extensions/libip6t_DNPT.c, "Patrick McHardy", should be set in the .licenses file.
Actual result
Special authors like "Patrick McHardy" (but also a lot more) are not put into the .licenses file.
Case 2 (net-tools)
- View the license files of the net-tools package
  - /usr/share/doc/net-tools/copyright
- Get the author of iptunnel.8: Copyright: © 2018 Sergio Durigan Junior
- iptunnel.8 is set as a man page in debian/rules and installed at /usr/share/man/man8/iptunnel.8.gz
- Check the .licenses file for iptunnel.8.gz
Expected result
The additional author of iptunnel.8.gz, "Sergio Durigan Junior", should be set in the .licenses file.
Actual result
The special author "Sergio Durigan Junior" is not put into the .licenses file. Only the fact that man pages are suppressed at image installation prevents licensing problems.
Case 3 (adduser, but also others)
The copyright file doesn't follow the machine-readable rules, so the license and the copyright information are empty.
Reproducibility
How often is the issue hit when repeating the test and changing nothing (same device, same image, etc.)?
Put the
- ✅ always
- often, but not always
- rarely
Impact of bug
The .licenses file can't be used for SBOM needs to document copyright owners.
Attachments
Root cause
Something at generate_bom.py from
Outcomes
TBD
Management data
This section is for management only, it should be the last one in the description.
/cc @andrunko @em @sagar @sudarshan @wlozano
Phabricator link: https://phabricator.apertis.org/T9648
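
The check from Case 1 and Case 3 can be automated. The following is an added example, not part of the original report and not code from generate_bom.py: it derives the copyright holders a binary should carry from a machine-readable (DEP-5) copyright file and reports those absent from its `binary_copyright` entry. The function names, the constructed sample files, the plain list of source paths (as would be read from the bin2sources JSON) and the treatment of `binary_copyright` as plain text are assumptions.

```python
import fnmatch

# Constructed DEP-5 sample modelled on Case 1 (not the real iptables copyright file).
SAMPLE = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2000-2002, Example Upstream Authors
License: GPL-2

Files: extensions/libip6t_DNPT.c
Copyright: 2012-2013, Patrick McHardy <kaber@trash.net>
License: GPL-2
"""
# Constructed free-form file, as in Case 3.
FREEFORM = "This package was debianized by Example Person.\n\nCopyright (C) 2000 Example Author\n"

def parse_dep5(text):
    """Return the Files stanzas as [(patterns, copyright_lines)], or None if not DEP-5."""
    paragraphs, fields, key = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():                    # blank line closes a paragraph
            if fields:
                paragraphs.append(fields)
            fields, key = {}, None
        elif line[0] in " \t" and key:          # continuation of the previous field
            fields[key] += "\n" + line.strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            key = key.strip().lower()
            fields[key] = value.strip()
    if not paragraphs or "format" not in paragraphs[0]:
        return None                             # Case 3: free-form copyright file
    return [(p["files"].split(), [c for c in p.get("copyright", "").splitlines() if c])
            for p in paragraphs[1:] if "files" in p]

def expected_holders(text, sources):
    """Copyright lines that apply to the source files a binary was built from."""
    stanzas = parse_dep5(text)
    if stanzas is None:
        return None
    found = set()
    for src in sources:
        match = []
        for patterns, lines in stanzas:         # DEP-5: the last matching stanza wins
            if any(fnmatch.fnmatchcase(src, pat) for pat in patterns):
                match = lines
        found.update(match)
    return found

def missing_holders(text, sources, binary_copyright):
    """Holders expected for the binary but absent from its binary_copyright text."""
    expected = expected_holders(text, sources)
    return None if expected is None else sorted(h for h in expected if h not in binary_copyright)
```

A `None` result marks a package whose copyright file cannot be parsed at all, which is worth reporting separately from an empty list.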